Method of handling security key change and related communication device

ABSTRACT

A method of handling security key change for a user equipment in a wireless communication system includes applying a radio resource control procedure to activate key change, where the radio resource control procedure covers two conditions where the key change is accompanied with an authentication and key agreement run and without an authentication and key agreement run.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No.12/328,772, filed on Dec. 5, 2008, which claims the benefit of U.S.Provisional Application Ser. No. 60/992,675, filed Dec. 5, 2007, theentire disclosures of which are incorporated herein by reference.

FIELD

The present invention relates to a method and related communicationdevice for a wireless communication system and more particularly, to amethod of handling a security key change for a wireless communicationsystem and related communication device.

BACKGROUND

The third generation (3G) mobile communications system has adopted aWideband Code Division Multiple Access (WCDMA) wireless air interfaceaccess method for a cellular network. WCDMA can provide high frequencyspectrum utilization, universal coverage, and high quality, high speedmultimedia data transmission. The WCDMA method also meets all kinds ofQoS (Quality of Service) requirements simultaneously, providing diverseflexible two-way transmission services and better communication qualityto reduce transmission interruption rates.

In order to protect user data and signaling information from beingintercepted by unauthorized devices, the prior art 3G mobilecommunications system can trigger ciphering or integrity protection (IP)through a Security Mode Control (SMC) procedure and make sure that datatransmission is more secure. The ciphering procedure calculateskeystream data through a ciphering algorithm, then the transmitterencrypts plain-text data with the keystream data to generate cipher-textdata, and the receiver can decipher the received cipher-text data withkeystream data the same as the keystream data used in the transmitter,so as to obtain the plain-text data.

Regarding security of data transfer, the 3rd Generation PartnershipProject. 3GPP develops a security architecture specification to providean Authentication and Key Agreement (AKA) for use between the UE and thecore network (CN). With Authentication and Key Agreement, the UE and theCN can authenticate each other and ensure data security and ciphering.That is, a new key set will be allocated to the UE after the AKA is runin a mobile management (MM) layer.

Please refer to FIG. 1. which is a schematic diagram of a key hierarchyfor a long term evolution (LTE) in wireless communication system. Basedon different security levels, the UE includes a permanent key K. aciphering key (CK), an integrity key (IK), a base key KASME, anon-access stratum encryption key K(NAS, enc), a non-access stratumintegrity K(NAS, int) and a base station level key KeNB. The permanentkey K exists in universal subscriber identity module (USIM). CK and IKare used for ciphering and integrity protection in universal mobiletelecommunication system (UMTS). The KASME is used between the UE and anaccess security management entity (ASME). As for a non-access stratum(NAS), K(NAS, enc) and K(NAS, int) are used for encryption and integrityprotection of non-access stratum message, respectively. A user plane(UP) key KeNB-UP-enc and radio resource control (RRC) keys KeNB-RRC-intand KeNB-RRC-enc are derived from the KeNB and used for encryption foruser plane data, integrity for RRC messages, and encryption for the RRCmessages, respectively. The derivative relationship of keys between eachlevel is illustrated in FIG. 1. For example, the KeNB can be derivedfrom the KASME via a particular algorithm and so on. When the UE isoperated in a radio resource control connected (RRC_CONNECTED) mode or aLTE_ACTIVE mode, the UE and the eNB derive the UP and RRC keys (i.e.KeNB-UP-enc, KeNB-RRC-int and KeNB-RRC-enc) from the KeNB. When the UEenters an RRC_IDLE or LTE_IDLE mode, the KeNB. KeNB-UP-enc,KeNB-RRC-int, and KeNB-RRC-enc are deleted from the eNB. In addition, asa result of an AKA run in the UE, each key shown in FIG. 1 must berefreshed when a key change is performed following the AKA run.

When the LTE is operated in the RRC_CONNECTED or LTE_ACTIVE mode, thefour requirements regarding the change of keys in the eNB are describedas follows in order to ensure data security:

(1) If the sequence numbers that have a length of finite bits and usedfor the UP or RRC ciphering/integrity protection are about to wraparound, the respective keys shall be changed,

(2) If a UE has been in LTE_ACTIVE for a long period of time, the keysfor UP and RRC ciphering/integrity protection shall be changed, eventhough the sequence numbers are not close to wrapping-around.

(3) Lifetime of K.sub.ASME shall be restricted.

(4) If the UE has performed an inter-RAT handover from UTRAN/GERAN toLTE. all keys shall be updated within seconds.

However, in cases of (1) and (2). the AKA is unnecessary to run to getnew keys. Changes of eNB-local UP and RRC keys are sufficient. This can,for example, be achieved by deriving new UP and RRC keys from theexisting K.sub.eNB in the eNB itself, or by deriving a new K.sub.eNBfrom the existing K.sub.ASME. In cases of (3) and (4). the whole keyhierarchy based on K.sub.ASME must be updated based on a new AKA run.

According to the related specifications, the approach for activating thekey change in a RRC_CONNECTED or LTE_ACTIVE mode has not been decidedyet. One approach could be an intra-cell handover procedure. Regardingthe intra-cell handover procedure, the network performs a handover tothe same cell which the UE is already in. Only the AS (Access Stratum)keys are refreshed by the intra-cell handover in similarity with aninter-cell handover. The new AS keys are derived from the previous ASkeys.

When the LTE is operated in the RRC_CONNECTED or LTE_ACTIVE mode, thereare two types of key changes to consider: the key change with the AKArun and the key change without the AKA run. It is not clear in the priorart how the key change should be performed.

SUMMARY

Therefore, the present invention provides a method of handling asecurity key change and related communication device.

The present invention discloses a method of handling a key change for aUE in a wireless communication system. The method includes using an RRCprocedure to activate the key change for a first condition and a secondcondition. The first condition is a key change with an AKA run. Thesecond condition is a key change without the AKA run.

The present invention further discloses a communication device forperforming a key change for a wireless communication system. Thecommunication device includes a processor, and a storage device. Theprocessor is installed in the control circuit, and used for executing aprocess. The storage device is coupled to the processor, and used forstoring a program code for executing the process. The process includesusing an RRC procedure to activate the key change for a first conditionand a second condition. The first condition is a key change with an AKArun. The second condition is a key change without the AKA run.

These and other objectives of the present invention will no doubt becomeobvious to those of ordinary skill in the art after reading thefollowing detailed description of the preferred embodiment that isillustrated in the various figures and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of a key hierarchy for a LTE in wirelesscommunication system.

FIG. 2 is a schematic diagram of a wireless communication system

FIG. 3 is a function block of a wireless communication system.

FIG. 4 is a flowchart of a program shown in FIG. 3.

FIG. 5 is a flowchart of a process according to an embodiment of thepresent invention,

DETAILED DESCRIPTION

Please refer to FIG. 2, which is a schematic diagram of a wirelesscommunications system 10. The wireless communications system 10 ispreferred to be a Long Term Evolution (LTE) communications system, andis briefly formed with a network terminal and a plurality of userequipments. In FIG. 2, the network terminal and the user equipments aresimply utilized for illustrating the structure of the wirelesscommunications system 10. Practically, the network terminal may includea plurality of evolved base stations (eNBs), an evolved UMTS radioaccess network (EUTRAN) and so on according to actual demands, and theuser equipments (UEs) can be apparatuses such as mobile phones, computersystems, etc.

Please refer to FIG. 3, which is a functional block diagram of acommunications device 100. The communications device 100 can be utilizedfor realizing the UES in FIG. 2. For the sake of brevity. FIG. 3 onlyshows an input device 102, an output device 104, a control circuit 106,a central processing unit (CPU) 108, a memory 110, a program 112, and atransceiver 114 of the communications device 100. In the communicationsdevice 100, the control circuit 106 executes the program 112 in thememory 110 through the CPU 108, thereby controlling an operation of thecommunications device 100. The communications device 100 can receivesignals input by a user through the input device 102, such as akeyboard, and can output images and sounds through the output device104, such as a monitor or speakers. The transceiver 114 is used toreceive and transmit wireless signals, delivering received signals tothe control circuit 106, and outputting signals generated by the controlcircuit 106 wirelessly. From a perspective of a communications protocolframework, the transceiver 114 can be seen as a portion of Layer 1, andthe control circuit 106 can be utilized to realize functions of Layer 2and Layer 3.

Please continue to refer to FIG. 4, FIG. 4 is a schematic diagram of theprogram 112 shown in FIG. 3. The program 112 includes an applicationlayer 200. a Layer 3 202, and a Layer 2 206, and is coupled to a Layer 1208. The Layer 3 202 includes a radio resource control (RRC) entity 222,which is used for controlling the Layer 1 218 and the layer 2 206 andperforming peer-to-peer RRC communication with other communicationsdevices, such as a base station or a Node-B. The RRC entity 222 switchesthe communication device 100 between a radio resource control idle(RRC_IDLE) mode and a radio resource control connected (RRC_CONNECTED)mode.

When the communication device 100 is operated in the RRC_CONNECTED mode,a key change handling program 220 is provided in the program 112according to an embodiment of the present invention and used fordetermining whether the key change is accompanied with an AKA(Authentication and Key Agreement) run or not. Please refer to FIG. 5,which is a flowchart of a process 40 according to an embodiment of thepresent invention. The process 40 is used for handling a key change forthe UE in a wireless communication system and can be compiled into thekey change handling program 220. The process 40 includes the followingsteps:

Step 400: Start.

Step 402: Use an RRC procedure to activate the key change.

Step 404: Determine an accompanying relationship between the key changeand the AKA run.

Step 406: Derive the new AS keys based on the rest of Step 404.

Step 408: End.

According to the process 40, the embodiment of the present inventionuses an RRC procedure for activating the key change for followingconditions associated with the accompanying relationship between the keychange and the AKA run: (1) the key change with the AKA run and (2) thekey change without the AKA run.

Preferably, when the UE is operated in the RRC_CONNECTED mode or theLTE_ACTIVE mode. the UE receives an RRC message from the eNB during theRRC procedure. The RRC message includes an indicator for indicating thekey change accompanied with the AKA run or not.

An access Stratum (AS) key set, preferably, includes a user planeencryption key K.sub.eNB-UP-enc, an RRC integrity key K.sub.eNB-RRC-intand an RRC encryption key K.sub.eNB-RRC-enc. The derivative relationshipof the aforementioned AS key set can be referred to previousdescriptions and not narrated herein. When the indicator indicates thatthe key change is accompanied with an AKA run, this means that the AKArun was performed earlier than the key change, and thus the UE mustderive a new AS key set from the new base key K.sub.ASME. On thecontrary, when the indicator indicates the key change is not accompaniedwith the AKA run, the new AS key set must be derived from a previous(old) K.sub.ASME or K.sub.eNB. Thus. the UE can determine whether thekey change is accompanied with the AKA run or not, and accordinglygenerates the corresponding new AS key set.

On the other hand. the UE can maintain a status which indicates whetherthe key set associated with the most recent AKA run has been activatedor not. When an AKA run is performed, the status is set to a firstvalue, indicating that a new key set is allocated but has not beenactivated vet. After the new key set is activated, the status is set toa second value to indicate that the new key set has been activated. Forexample, the status can be represented by a binary bit. When the binarybit is set to “0”, this means that the key set has been activatedalready. When the binary bit is set to “1”, this means that the new keyset associated with the most recent AKA run is allocated but has notbeen activated. After the new key set is activated. the binary bit isreset to “0”.

In addition, when the UE in the RRC_CONNECTED mode or the LTE_ACTIVEmode receives the RRC message from the eNB for activating the keychange. the UE determines the accompanying relationship between the keychange and the AKA run according to the status. When the status is setto the first value, the UE determines the key change with the AKA run.When the status is set to the second value, the UE determines the keychange without the AKA run. For example, when the status is set to “0”,this means that the key set has been activated already and the new ASkey set should be derived from the previous base key K.sub.ASME orK.sub.eNB. When the status is set to “1”, this means that the new keyset is allocated but has not been activated and the new AS key setshould be derived from the new base key K.sub.ASME. After the keychange, the status is reset to “0”, indicating the new AS key set hasbeen activated.

As known above, the UE can refresh the AS key set by determining whetherthe key change is accompanied with an AKA run.

To sum up, the embodiment of the present invention uses an RRC procedurefor activating the key change and determines whether the key change isaccompanied with the AKA. run during the RRC procedure.

Those skilled in the art will readily observe that numerousmodifications and alterations of the device and method may be made whileretaining the teachings of the invention. Accordingly, the abovedisclosure should be construed as limited only by the metes and boundsof the appended claims.

What is claimed is:
 1. A method of handling a key change for a basestation in a wireless communication system, the method comprising: usinga radio resource control (RRC) procedure to activate the key change,wherein an RRC message of the RRC procedure comprises an indicator forindicating whether an Access Stratum (AS) key set is derived from a baseice or a previous base station level key.
 2. The method of claim 1,wherein the RRC procedure is a handover procedure.
 3. The method ofclaim 1, wherein the base key is a KASME.
 4. The method of claim 1,wherein the AS key set comprises a user plane encryption key, an RRCintegrity key, and an RRC encryption key.
 5. A communication device fora user equipment (UE) for performing a key change for a wirelesscommunication system, the communication device comprising: a centralprocessing unit, for executing a process; and a memory, for storing aprogram for executing the process, wherein the process comprises;receiving an RRC message for activating the key change during a RRCprocedure, wherein the RRC message comprises an indicator for indicatingwhether to derive an Access Stratum (AS) key set from a base key or aprevious base station level key.
 6. The communication device of claim 5,wherein the AS key set comprises a user plane encryption key, an RRCintegrity key, and an RRC encryption key.
 7. The communication device ofclaim 5, wherein the RRC procedure is a handover procedure.
 8. Themethod of claim 5, wherein the base key is a KASME.
 9. A communicationdevice for a base station for performing a key change for a wirelesscommunication system, the communication device comprising: a centralprocessing unit, for executing a process; and a memory, for storing aprogram for executing the process, wherein the process comprises: usinga radio resource control (RRC) procedure to activate the key change,wherein an RRC message of the RRC procedure comprises an indicator forindicating whether an Access Stratum (AS) key set is derived from a basekey or a previous base station level key.
 10. The communication deviceof claim 6, wherein the RRC procedure is a handover procedure.
 11. Themethod of claim 9, wherein the base key is a KASME.
 12. The method ofclaim 9, wherein the AS key set comprises a user plane encryption key,an RRC integrity key, and an RRC encryption key.
 13. A method ofhandling a key change for a user equipment (UE) in a wirelesscommunication system, the method comprising: receiving an RRC messagefor activating the key change during a RRC procedure, wherein the RRCmessage comprises an indicator for indicating whether to derive anAccess Stratum (AS) key set from a base key or a previous base stationlevel key.
 14. The method of claim 13, wherein the AS key set comprisesa user plane encryption key, an RRC integrity key, and an RRC encryptionkey.
 15. The method of claim 13, wherein the RRC procedure is a handoverprocedure.
 16. The method of claim 13, wherein the base key is a KASME.